Gurucul Behavior Based Traffic Analysis Detects Unknown Threats

Network Traffic Analysis Solution Identifies Compromised Devices Using ML/AI on Contextual NetFlow and Packet Inspection Data

LOS ANGELES – July 30, 2019 – Gurucul, a leader in behavior based security and fraud analytics technology for on-premises and the cloud, today announced the Gurucul Network Behavior Analytics (NBA) solution, the industry’s most advanced Network Traffic Analysis product. It leverages Gurucul’s advanced machine learning analytics to provide identification of advanced and unknown cyber threats. Gurucul is exhibiting this technology next week in booth #1100 at BlackHat USA 2019.

The Gurucul Network Behavior Analytics solution delivers flexible entity modeling to monitor and identify unusual, risky behavior from any entity. This includes traditional devices like workstations, servers and firewalls, as well as extended network devices such as Robotic Process Automation (RPA) processes, IoT devices (CCTV, vending machines), OT infrastructure (automation sensors used in manufacturing and utility industries) and point of sale (POS) devices.

Most organizations tend to rely on network monitoring tools for checking the health of the network. These tools detect and report failures of devices or connections. However, they cannot repair problems, nor can they find unknown threats. By applying behavioral analysis to network traffic, a network traffic analysis solution can help organizations identify suspicious activities that conventional cybersecurity tools would overlook.

“The adoption of cloud, mobile and IoT technologies is creating a much larger attack surface, while exposing organizations to entirely new categories of security threats including malicious bots and scripts,” said Nilesh Dherange, Chief Technology Officer for Gurucul. “As a result, addressing entity-based security threats in the network has become imperative. With very few inherent means to monitor devices and their behaviors, Gurucul’s network traffic analysis technology provides valuable detection, risk-scoring and alerting capabilities to preempt malicious activity.”

Gurucul Network Behavior Analytics

Gurucul Network Behavior Analytics identifies unknown threats using advanced machine learning algorithms on network flows and packet data. The solution uses entity models to create behavior baselines for every device and machine on the network based on network flow data such as source and destination IPs/machines, protocol and bytes in/out. It also leverages DHCP logs to correlate IP specific data to machines and users.

Gurucul Network Behavior Analytics comes with pre-packaged machine learning models pre-configured and tuned to run on high frequency network data streams to detect real-time anomalies and to risk rank threats. Tied into the Gurucul User and Entity Behavior Analytics (UEBA) platform, the solution provides 360-degree visibility across network, identity, access and activity on enterprise applications or systems.

This contextually linked data and the extensive library of out-of-the-box behavior and threat models help identify advanced and unknown threats like zero-day exploits, fileless malware, and ransomware. It does so by detecting unusual behavior on a given entity (e.g. server, IP, device), related lateral movement within the network, command and control (C2) communication, suspicious account activity from a compromised account and access misuse. The product’s data processing and analytics framework quickly detects threats in real time and also uncovers APT and stealth attacks that lie dormant between the various stages of a cyberattack.


Gurucul UEBA with Network Behavior Analytics is available immediately. To learn more, download the whitepaper, “Network Behavior Analytics is the Next-Generation Defense Against Modern Threats.”

About Gurucul UEBA

Gurucul User and Entity Behavior Analytics (UEBA) is a multi-use behavior-based security analytics platform with an architecture that supports an open choice of big data for scale, the ability to ingest virtually any dataset for desired attributes and includes configurable prepackaged analytics. In addition, the integrated Gurucul STUDIO enables security teams to create custom machine learning models to meet unique customer requirements without coding. Gurucul UEBA ingests and analyzes huge volumes of data generated when users access and interact with business applications, in both the data center and the cloud, to generate risk scores, identify security threats and prevent data breaches. Gurucul UEBA has been successfully deployed by government agencies and Global Fortune 500 companies.

About Gurucul

Gurucul is a global cyber security and fraud analytics company that is changing the way organizations protect their most valuable assets, data and information from insider and external threats both on-premises and in the cloud. Gurucul’s real-time security analytics and fraud analytics technology combines machine learning behavior profiling with predictive risk-scoring algorithms to predict, prevent and detect breaches. Gurucul technology is used by Global 1000 companies and government agencies to fight cyber fraud, IP theft, insider threat and account compromise. The company is based in Los Angeles. To learn more, visit and follow us on LinkedIn and Twitter.

Media Contact
Kevin Franks
Director of Marketing
